Resubmissions

  • 12/01/2025, 13:45: 250112-q2d1jsvkav (score 10/10)

  • 15/08/2024, 09:01: 240815-ky8g4avejg (score 10/10)

General

  • Target

    Decompiler V.2.4.rar

  • Size

    73.8MB

  • Sample

    240815-ky8g4avejg

  • MD5

    86961889e1eb75e6f5ec6f96df826862

  • SHA1

    989727abc34182c44b5ba75e6b38fe11d7960896

  • SHA256

    10d68e96b17fe89e1672bb3df965728067c38107ea3c988dbf0210248fc4d1e6

  • SHA512

    ec42988d129a3d6775a75d7afe4b3c6b1430ccc375319ecd872e32d1299d6ba5dbeff0ebdb1f5e966d38d930f094f7de76bc55061a07fd12f3ad36de9b7db636

  • SSDEEP

    1572864:IotHuxPhVvnYn9mikbh3FtuxRZwe74rE0mBS+vxy0DWVjivURo9V7A6:IoF0rvnYn9HY2Se1B1vhWV8
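The Targets list below repeats a handful of hashes under different names: c559ad84688d4b3550b8efbaa58418a8 appears as Bugs.dll, Lisence.md, Roblox HWD/Bugs.dll, Roblox HWD/Scripts.py and krnlapi.dll (all 12KB, one .md and one .py among the .dll names), and 8f65f38bca462f4841aeca7b9fae6078 appears as LoaderScripts.py, Scripts/Scripts.py and Scripts/ServerSide.py. Identical bytes cannot simultaneously be a DLL, a Markdown file and a Python script, so those names are filler or decoys. The script below is an added example, not part of the tria.ge report: it rebuilds that check against an extracted directory by grouping files by SHA-256, flagging groups with mixed extensions, and testing whether anything named .dll/.exe actually carries a PE "MZ" header. The directory it builds is constructed, with the report's file names but placeholder bytes, not the real sample's contents.

```python
"""Group extracted files by content hash, flag identical bytes under mismatched
extensions, and check that .dll/.exe files start with a PE ("MZ") header.

Added example, not part of the tria.ge report. The tree built below is
constructed: names mirror the report's target list, bytes are placeholders.
"""
import hashlib
import os
import tempfile
from collections import defaultdict

# Constructed tree. Names follow the report; contents are fake filler.
SAMPLE_TREE = {
    "Bugs.dll": b"2" * 12288,
    "Lisence.md": b"2" * 12288,
    "Roblox HWD/Bugs.dll": b"2" * 12288,
    "Roblox HWD/Scripts.py": b"2" * 12288,
    "krnlapi.dll": b"2" * 12288,
    "LoaderScripts.py": b"# placeholder loader\n",
    "Scripts/Scripts.py": b"# placeholder loader\n",
    "Scripts/ServerSide.py": b"# placeholder loader\n",
    "decompile.dll": b"MZ" + b"\x00" * 14000,   # fake but PE-shaped header
    "Scripts/Read me.txt": b"placeholder readme\n",
}


def sha256_file(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_sample_tree(base: str) -> None:
    """Write the constructed tree under base (demo/test helper)."""
    for rel, data in SAMPLE_TREE.items():
        path = os.path.join(base, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as f:
            f.write(data)


def walk_files(root: str):
    """Yield (relative path with forward slashes, absolute path)."""
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            yield os.path.relpath(full, root).replace(os.sep, "/"), full


def group_by_hash(root: str) -> dict:
    groups = defaultdict(list)
    for rel, full in walk_files(root):
        groups[sha256_file(full)].append(rel)
    return {h: sorted(names) for h, names in groups.items()}


def mixed_extension_groups(groups: dict) -> dict:
    """Hash groups whose members carry more than one extension: the same
    bytes named .dll, .md and .py cannot all be what the name claims."""
    out = {}
    for h, names in groups.items():
        exts = {os.path.splitext(n)[1].lower() for n in names}
        if len(names) > 1 and len(exts) > 1:
            out[h] = sorted(exts)
    return out


def non_pe_executables(root: str) -> list:
    """Files named .dll/.exe whose first two bytes are not the 'MZ' magic."""
    bad = []
    for rel, full in walk_files(root):
        if os.path.splitext(rel)[1].lower() in (".dll", ".exe"):
            with open(full, "rb") as f:
                if f.read(2) != b"MZ":
                    bad.append(rel)
    return sorted(bad)


def analyze(root: str) -> dict:
    groups = group_by_hash(root)
    return {
        "duplicates": {h: n for h, n in groups.items() if len(n) > 1},
        "mixed_extensions": mixed_extension_groups(groups),
        "non_pe": non_pe_executables(root),
    }


def demo() -> dict:
    """Build the constructed tree in a temp dir and analyze it."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        return analyze(tmp)


if __name__ == "__main__":
    result = demo()
    for h, names in result["duplicates"].items():
        print(f"{h[:16]}... x{len(names)}: {', '.join(names)}")
    print("mixed-extension groups:", list(result["mixed_extensions"].values()))
    print("named .dll/.exe but not PE:", result["non_pe"])
```

Point `analyze()` at a real extraction directory to run the same checks; the hash groups it prints can be compared directly against the MD5/SHA256 values in the Targets list.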

Malware Config

Targets

    • Target

      Decompiler V.2.4.rar

    • Size

      73.8MB

    • MD5

      86961889e1eb75e6f5ec6f96df826862

    • SHA1

      989727abc34182c44b5ba75e6b38fe11d7960896

    • SHA256

      10d68e96b17fe89e1672bb3df965728067c38107ea3c988dbf0210248fc4d1e6

    • SHA512

      ec42988d129a3d6775a75d7afe4b3c6b1430ccc375319ecd872e32d1299d6ba5dbeff0ebdb1f5e966d38d930f094f7de76bc55061a07fd12f3ad36de9b7db636

    • SSDEEP

      1572864:IotHuxPhVvnYn9mikbh3FtuxRZwe74rE0mBS+vxy0DWVjivURo9V7A6:IoF0rvnYn9HY2Se1B1vhWV8

    Score
    3/10
    • Target

      Bugs.dll

    • Size

      12KB

    • MD5

      c559ad84688d4b3550b8efbaa58418a8

    • SHA1

      1daa2ca0f301ee28c7e9c3d0c596592bad077701

    • SHA256

      1e62746213938c3be93de2853c853db1b465a86f4f6756ed25a9330620c82a11

    • SHA512

      1af2cf37326cb8571a07cac511b1b5fd0784741062fb4ea84211ec1e13fbd2a7f4154ee3071c9ec5cc043392e6eecb37f08ad20617f6668a36246bba82713a24

    • SSDEEP

      48:G22222222222222222222222222222222222222222222222222222222222222n:2

    Score
    1/10
    • Target

      Decompile Maps/16731919637.rbxl

    • Size

      2.0MB

    • MD5

      a185375d913b0c49cfdddf53a506d3bd

    • SHA1

      2cbf2508cd5c50a1aa59475bc237c85712bda48e

    • SHA256

      962473a4f18195aec3e2c63d75473439337fc40cf68395fdcbdd933721d61c40

    • SHA512

      7a3dfcccd64010cdcb563fd95714bac5aa814ec8ebc42679d638f22010273b11adfc4fc4c1af20c4ab0869375a728f5c1b83d2a21793af0ecf2f7d0c86488d3a

    • SSDEEP

      24576:p2D4lyDSq1TODnmwZfIDub7hTSppED9++0ifEi/WHu6+G7l/a7R4:80lyDV6nxeDub7ZqpEIF1O6H5a14

    Score
    3/10
    • Target

      Decompiler V.2.4.exe

    • Size

      75.4MB

    • MD5

      7eaef81d5fa7765c87f64c9e8781957b

    • SHA1

      e1e390048941688e1bc92c8c4e9dc8401da3405b

    • SHA256

      55e26286c6d116b54651a895ecc736d8087ad9527547f61eec2d0ee3d95d9cb3

    • SHA512

      fc698f58ff38c0d107c413e951429f111ad13221931c65580b2cbddcb883816640cf024e48e971bf34b150829a6432cd7e9be25b65a8cc89dfbb761da252c476

    • SSDEEP

      1572864:HvhQ6l8xSk8IpG7V+VPhqIbE7WTylPj4iY4MHHLeqPNLtDaSWRvZv2BYK:Hvh1ixSkB05awIxTy5nMHVLteSYYBZ

    • Enumerates VirtualBox DLL files

      Checks for VirtualBox guest DLLs, a common virtual-machine/sandbox detection technique.

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Sets file to hidden

      Modifies file attributes so the file is hidden from Explorer and similar directory listings.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Executable packed with UPX or a modified build of the open-source UPX packer.

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Target

      discord_token_grabber.pyc

    • Size

      8KB

    • MD5

      849e6942b15c2008c7641432902645f5

    • SHA1

      60942191e1ab3c6d3edf697b57d09c1620c51710

    • SHA256

      fa4ec025ef2d20b6ebd19803e7131f6b540a7ba14d6769bfd62c37fb875a134b

    • SHA512

      0e6611f100ea22b2d5d5632cd099f87d57696b73bb9c9d10dde98477b2bb1ff927816b54ee005e07df49d6897f36ad3d858ac142ae082d25800f07597f67248a

    • SSDEEP

      192:ESB7osP1MJaugQXaafNqaclHJLOq3ZJFD/b8xjJzdJv:TP1iavQTqacyq35D0Fnv

    Score
    3/10
    • Target

      get_cookies.pyc

    • Size

      5KB

    • MD5

      2754e3152f668e31fccca7b6f275716b

    • SHA1

      e9ed74d679a96372c4457e72bc6639a4d96a2378

    • SHA256

      f7e8a57b54489b5b3de66a1d21534ced3d2a2fb1ce8d03c69d4672e62aa00dca

    • SHA512

      a8331f1c179ed97e6f3821cd41953a5ef8a0b63b6d39022cd3f7980494eff8f00b4367301509014e83c410ed4a6db8e4441f8f3547b682aca250bc4fa29f0f47

    • SSDEEP

      96:STUBj1Mvk80VDdybA6HUicwKD7dxWeBJKZLpMglcTK94:wsSl0fQfUpwKfhijMgGW94

    Score
    3/10
    • Target

      misc.pyc

    • Size

      2KB

    • MD5

      bcb404423ac51f798753e8d11e401071

    • SHA1

      9080018dae3aa157e3a97904c86af06d4a0a6873

    • SHA256

      572b18ccb1838f23714fae1c8cbb399a08796b1eb846960d5463d40ee784fe5a

    • SHA512

      25a2997cff19308956086ae4e464f5039e53149043f094f2a65dae4dfa78b6410650a3c4d1514511f23c6bf77228772fa7b8a3cf5119e4ed46edb65ac40ff800

    Score
    3/10
    • Target

      passwords_grabber.pyc

    • Size

      4KB

    • MD5

      8b9cbd29c3dfec519a4313b1b7a0069b

    • SHA1

      5efb073593bc8908a7514dad78673c9d65344a6f

    • SHA256

      589d438226abfec8f71ab7724c68011303f82febb6786fd0c57571b0769764f3

    • SHA512

      c0099bcf2d23dd405b2e02e1fd1b946195015eabb1cbd2ce4896f1ab7e5bbc1fbe6600fa529087b5dc295c13219fb6bc1a6ac97efa4c0fc74901f70278c09bfd

    • SSDEEP

      96:2APDnTWeYwDTgWxiX79GzTOjYUyWkUUNPIslLClDWJpR6Yn:TzCUDxiLATmeEUNP/lL3JpsYn

    Score
    3/10
    • Target

      source_prepared.pyc

    • Size

      63KB

    • MD5

      f7bdf2bbaf169358417e69dad9069df3

    • SHA1

      e6b9a62d00294ae672f0142ea4af6e904e8bdb5a

    • SHA256

      8e36eccc504e8edfdf58a048dea9a0523cd1b983d2545b554726ac64ec75008f

    • SHA512

      b2efab544c6e52461b502219a01630215e3c46ca5e81af44bcd2316d43388c2e4648865b50acca03d94e4bd0ee0ee27631a08ae4e830217df3fd4cf9b5064dc0

    • SSDEEP

      768:UTrrNlgVgwl6BRPLUJju4TFch+eXZldsN4uJ3EcUFNS9PSd5zcooVUgqqNwb1LvW:UjTgVgBPIRTFxikqcUFqOIooVNwtS7R

    Score
    3/10
    • Target

      Lisence.md

    • Size

      12KB

    • MD5

      c559ad84688d4b3550b8efbaa58418a8

    • SHA1

      1daa2ca0f301ee28c7e9c3d0c596592bad077701

    • SHA256

      1e62746213938c3be93de2853c853db1b465a86f4f6756ed25a9330620c82a11

    • SHA512

      1af2cf37326cb8571a07cac511b1b5fd0784741062fb4ea84211ec1e13fbd2a7f4154ee3071c9ec5cc043392e6eecb37f08ad20617f6668a36246bba82713a24

    • SSDEEP

      48:G22222222222222222222222222222222222222222222222222222222222222n:2

    Score
    3/10
    • Target

      LoaderScripts.py

    • Size

      2KB

    • MD5

      8f65f38bca462f4841aeca7b9fae6078

    • SHA1

      c6cfd3b8788a934a2830bf9dc561bffac072efab

    • SHA256

      cc3e3f0a38dcede5641b5f79f6d34907d11035cd33c02ed85d88541b07267512

    • SHA512

      2232a0442efb56bcf784a155ae46fc9b4f295985a307062efae1517cc13df59acf47669332a8d2f5d8057b8d0c73bad07b404125448a48bd5b821d18348c367b

    Score
    3/10
    • Target

      Roblox HWD/Bugs.dll

    • Size

      12KB

    • MD5

      c559ad84688d4b3550b8efbaa58418a8

    • SHA1

      1daa2ca0f301ee28c7e9c3d0c596592bad077701

    • SHA256

      1e62746213938c3be93de2853c853db1b465a86f4f6756ed25a9330620c82a11

    • SHA512

      1af2cf37326cb8571a07cac511b1b5fd0784741062fb4ea84211ec1e13fbd2a7f4154ee3071c9ec5cc043392e6eecb37f08ad20617f6668a36246bba82713a24

    • SSDEEP

      48:G22222222222222222222222222222222222222222222222222222222222222n:2

    Score
    1/10
    • Target

      Roblox HWD/Scripts.py

    • Size

      12KB

    • MD5

      c559ad84688d4b3550b8efbaa58418a8

    • SHA1

      1daa2ca0f301ee28c7e9c3d0c596592bad077701

    • SHA256

      1e62746213938c3be93de2853c853db1b465a86f4f6756ed25a9330620c82a11

    • SHA512

      1af2cf37326cb8571a07cac511b1b5fd0784741062fb4ea84211ec1e13fbd2a7f4154ee3071c9ec5cc043392e6eecb37f08ad20617f6668a36246bba82713a24

    • SSDEEP

      48:G22222222222222222222222222222222222222222222222222222222222222n:2

    Score
    3/10
    • Target

      Scripts/Read me.txt

    • Size

      74B

    • MD5

      1eafb370745fb9795f326d278061b312

    • SHA1

      5ec661bde70f285929fd3b8d1a797b3185ce4e3a

    • SHA256

      23a249c66332e19288a056043d0c20ee6162e9f8b75f903519c36a8cad181b7f

    • SHA512

      def59d36b4848aad0ba0e972d5bc392fa23906f02cc4c6129e096d0b677a0fc1c56a2821c98b688102a0469c7f310bf24eea99c834357ad0497df58a35dd53c8

    Score
    1/10
    • Target

      Scripts/Scripts.py

    • Size

      2KB

    • MD5

      8f65f38bca462f4841aeca7b9fae6078

    • SHA1

      c6cfd3b8788a934a2830bf9dc561bffac072efab

    • SHA256

      cc3e3f0a38dcede5641b5f79f6d34907d11035cd33c02ed85d88541b07267512

    • SHA512

      2232a0442efb56bcf784a155ae46fc9b4f295985a307062efae1517cc13df59acf47669332a8d2f5d8057b8d0c73bad07b404125448a48bd5b821d18348c367b

    Score
    3/10
    • Target

      Scripts/ServerSide.py

    • Size

      2KB

    • MD5

      8f65f38bca462f4841aeca7b9fae6078

    • SHA1

      c6cfd3b8788a934a2830bf9dc561bffac072efab

    • SHA256

      cc3e3f0a38dcede5641b5f79f6d34907d11035cd33c02ed85d88541b07267512

    • SHA512

      2232a0442efb56bcf784a155ae46fc9b4f295985a307062efae1517cc13df59acf47669332a8d2f5d8057b8d0c73bad07b404125448a48bd5b821d18348c367b

    Score
    3/10
    • Target

      decompile.dll

    • Size

      15KB

    • MD5

      a428d30cb8d650090164dc14c1b2e39e

    • SHA1

      40546e60121b492900074ceeff06c8ee2a84a644

    • SHA256

      df08a79955798f533b109f06b5018d0b8c840ab1b1b3f8bb9e7c6750e003a2bb

    • SHA512

      828fe3979c67ef75cbe4f149f0d69b09ea8c22ba70734943d55c45f56bc335cfd76aa78c2cadbcedd94ee9cfcfceb2255e1ddbc50a4aef805433dee9e26fceac

    • SSDEEP

      96:LSTfSSqOquSSqUSSqUSSqUSSqUSSqUSSquSSqUSSqUSSqESSqGSSqUSSqG:sDthhhhhthh7NhJ

    Score
    1/10
    • Target

      krnlapi.dll

    • Size

      12KB

    • MD5

      c559ad84688d4b3550b8efbaa58418a8

    • SHA1

      1daa2ca0f301ee28c7e9c3d0c596592bad077701

    • SHA256

      1e62746213938c3be93de2853c853db1b465a86f4f6756ed25a9330620c82a11

    • SHA512

      1af2cf37326cb8571a07cac511b1b5fd0784741062fb4ea84211ec1e13fbd2a7f4154ee3071c9ec5cc043392e6eecb37f08ad20617f6668a36246bba82713a24

    • SSDEEP

      48:G22222222222222222222222222222222222222222222222222222222222222n:2

    Score
    1/10
    • Target

      saveinstance.dll

    • Size

      1KB

    • MD5

      bcc46643e08397e3ef187ef67ffccbc9

    • SHA1

      9f0b5f566eb3365c11e41bf74f25d92c79338a55

    • SHA256

      02a764b4d690bf47eef77371387e87acbd44d9c64360d3e89b8cf2aebeb2929c

    • SHA512

      2e6dd0976af49f61eeba6d14b969572fac81ee20289c288822c3dbdf7d5b2a96cfb4c3649fc088406f04f2665ac7ee108043cc5eae17ac6bce476f106057efd7

    Score
    1/10
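Three of the behaviours flagged on Decompiler V.2.4.exe above (Defender exclusions added through PowerShell, a file set to hidden, a Run key added for persistence) are the ones a SOC would want to catch on a real host, not just in the sandbox. The script below is an added example, not the report's or tria.ge's own detection rules: it runs simple rules over constructed Sysmon-style process-creation and registry events and ties the child processes back to the dropper. The report names the behaviours but not the command lines used, so Add-MpPreference, attrib +h, the svc.exe name and every path here are assumptions about how those behaviours typically appear, and all events are made up.

```python
"""Detection logic for the behaviours tria.ge flagged on Decompiler V.2.4.exe
(Defender exclusions via PowerShell, file set hidden, Run key persistence),
run over constructed Sysmon-style events.

Added example, not the report's own rules. Add-MpPreference, attrib +h and
all paths/names are assumptions; none of the events come from the sample.
"""
import re

# Constructed events as (sysmon_event_id, fields); 1 = process create,
# 13 = registry value set.
EVENTS = [
    (1, {"Image": r"C:\Users\u\Desktop\Decompiler V.2.4.exe",
         "ParentImage": r"C:\Windows\explorer.exe",
         "CommandLine": r'"C:\Users\u\Desktop\Decompiler V.2.4.exe"'}),
    (1, {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
         "ParentImage": r"C:\Users\u\Desktop\Decompiler V.2.4.exe",
         "CommandLine": (r"powershell -w hidden Add-MpPreference "
                         r"-ExclusionPath C:\Users\u\AppData\Local\Temp "
                         r"-ExclusionExtension .exe -ExclusionProcess svc.exe")}),
    (1, {"Image": r"C:\Windows\System32\attrib.exe",
         "ParentImage": r"C:\Users\u\Desktop\Decompiler V.2.4.exe",
         "CommandLine": r"attrib +h +s C:\Users\u\AppData\Local\Temp\svc.exe"}),
    (13, {"Image": r"C:\Users\u\Desktop\Decompiler V.2.4.exe",
          "TargetObject": (r"HKU\S-1-5-21-1\Software\Microsoft\Windows"
                           r"\CurrentVersion\Run\svc"),
          "Details": r"C:\Users\u\AppData\Local\Temp\svc.exe"}),
    (1, {"Image": r"C:\Windows\System32\notepad.exe",
         "ParentImage": r"C:\Windows\explorer.exe",
         "CommandLine": r"notepad.exe notes.txt"}),  # benign control event
]

# (rule name, event id, field to inspect, pattern)
RULES = [
    ("defender_exclusion_via_powershell", 1, "CommandLine",
     re.compile(r"Add-MpPreference\b.*-Exclusion(?:Path|Extension|Process)", re.I)),
    ("file_set_hidden", 1, "CommandLine",
     re.compile(r"\battrib(?:\.exe)?\b.*\+h\b", re.I)),
    ("run_key_persistence", 13, "TargetObject",
     re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(?:Once)?\\", re.I)),
]


def match_rules(events):
    """Return (rule_name, image) for every event a rule fires on."""
    hits = []
    for event_id, fields in events:
        for name, wanted_id, field, pattern in RULES:
            if event_id == wanted_id and pattern.search(fields.get(field, "")):
                hits.append((name, fields.get("Image", "")))
    return hits


def exclusion_targets(cmdline):
    """What an Add-MpPreference command line whitelisted, keyed by exclusion
    type, so the analyst knows exactly what Defender will now ignore."""
    found = re.findall(r"-Exclusion(Path|Extension|Process)\s+(\S+)", cmdline, re.I)
    return {kind.capitalize(): value for kind, value in found}


def children_of(events, parent_image):
    """Command lines spawned by parent_image: attributes the PowerShell and
    attrib activity to the dropper rather than to an interactive user."""
    return [f["CommandLine"] for eid, f in events
            if eid == 1 and f.get("ParentImage", "").lower() == parent_image.lower()]


def triage(events, sample_image):
    techniques = sorted({name for name, _ in match_rules(events)})
    exclusions = {}
    for _, f in events:
        if "Add-MpPreference" in f.get("CommandLine", ""):
            exclusions.update(exclusion_targets(f["CommandLine"]))
    return {"techniques": techniques,
            "exclusions": exclusions,
            "children": children_of(events, sample_image)}


if __name__ == "__main__":
    report = triage(EVENTS, r"C:\Users\u\Desktop\Decompiler V.2.4.exe")
    for key, value in report.items():
        print(f"{key}: {value}")
```

The rules are deliberately narrow (a specific cmdlet, a specific registry path) so they stay low-noise; the parent/child correlation is what turns three individually explainable events into one dropper story, and the extracted exclusion list is what remediation has to undo with Remove-MpPreference.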

MITRE ATT&CK Enterprise v15
